From dnataraj at trilobytesystems.com Thu Jan 2 14:50:34 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Thu, 02 Jan 2014 15:50:34 +0200
Subject: [midPoint] Re. Referring to resource variable inside expression.
Message-ID: <52C56EAA.3010605@trilobytesystems.com>
Hi -
I'm struggling with a simple evaluation (I've removed namespace
declarations for readability) :
ri:orgdesc
$user/extension/apos:aposUnitAttributes
I've tried everything, but the variable passed to the XPath tokenize
function is always nil (I know the function works correctly, since I use
it elsewhere, and using a literal string above produces the correct results)
I've tried including a before the expression with an explicit
but that doesn't seem to work either.
Thanks for any input! - I'm using build Version: 2.3-SNAPSHOT, describe:
git-v2.3devel-383-g6ef8f72
BR/Deepak
From dnataraj at trilobytesystems.com Thu Jan 2 14:56:46 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Thu, 02 Jan 2014 15:56:46 +0200
Subject: [midPoint] Re. Referring to resource variable inside expression.
In-Reply-To: <52C56EAA.3010605@trilobytesystems.com>
References: <52C56EAA.3010605@trilobytesystems.com>
Message-ID: <52C5701E.2090600@trilobytesystems.com>
OK, I got this to work with
tokenize($c:input, "/")[last()]
which is fine. I wonder why referring to the ref directly did not work....
> Deepak Natarajan
> January 2, 2014 at 3:50 PM
>
> Hi -
>
> I'm struggling with a simple evaluation (I've removed namespace
> declarations for readability) :
>
>
> ri:orgdesc
>
>
>
>
>
>
> $user/extension/apos:aposUnitAttributes
>
>
>
>
> I've tried everything, but the variable passed to the XPath tokenize
> function is always nil (I know the function works correctly, since I
> use it elsewhere, and using a literal string above produces the
> correct results)
>
> I've tried including a before the expression with an explicit
> but that doesn't seem to work either.
>
> Thanks for any input! - I'm using build Version: 2.3-SNAPSHOT,
> describe: git-v2.3devel-383-g6ef8f72
>
> BR/Deepak
>
From ivan.noris at evolveum.com Thu Jan 2 15:03:32 2014
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 02 Jan 2014 15:03:32 +0100
Subject: [midPoint] Re. Referring to resource variable inside expression.
In-Reply-To: <52C56EAA.3010605@trilobytesystems.com>
References: <52C56EAA.3010605@trilobytesystems.com>
Message-ID: <52C571B4.9080201@evolveum.com>
Hi Deepak,
just a blind shot - try to use implicit variable named "input" (it is
mapped to the "source" of the inbound expression, in your case, ri:orgdesc).
See an example (adapted from my customer's resource) written in Groovy
(not XPath):
ri:orgUnitHierarchy
Organizational Hierarchy
read
$user/extension/mycustomer:ouPath
I do not use XPath in expressions unless absolutely necessary because
the debugging is quite _challenging_ ;) and it's a lot easier to debug
Groovy statements.
Regards,
Ivan
--
Ing. Ivan Noris
Consultant
Evolveum, s.r.o
___________________________________________________
"Semper cautus - semper paratus - semper idem Vix."
From dnataraj at trilobytesystems.com Thu Jan 2 15:11:39 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Thu, 02 Jan 2014 16:11:39 +0200
Subject: [midPoint] Re. Referring to resource variable inside expression.
In-Reply-To: <52C571B4.9080201@evolveum.com>
References: <52C56EAA.3010605@trilobytesystems.com>
<52C571B4.9080201@evolveum.com>
Message-ID: <52C5739B.5060007@trilobytesystems.com>
Hi Ivan -
Thanks - I tried with $c:input and it worked.
It's a bit weird since in an object template (which I use for
post-creation assignments etc), doing it like this worked :
varnamevarpath
seems to work, but this fails when I try something similar in a resource
configuration...though it is quite possible my varpath had an error in
it...(I used $account/attributes/ri:var)
but using 'input' works, thanks!
> Ivan Noris
> January 2, 2014 at 4:03 PM
> Hi Deepak,
>
> just a blind shot - try to use implicit variable named "input" (it is
> mapped to the "source" of the inbound expression, in your case,
> ri:orgdesc).
>
> See an example (adapted from my customer's resource) written in Groovy
> (not XPath):
>
>
> ri:orgUnitHierarchy
> Organizational Hierarchy
> read
>
>
>
>
>
> $user/extension/mycustomer:ouPath
>
>
>
>
> I do not use XPath in expressions unless absolutely necessary because
> the debugging is quite _challenging_ ;) and it's lot easier to debug
> Groovy statements.
>
> Regards,
> Ivan
>
> On 01/02/2014 02:50 PM, Deepak Natarajan wrote:
>
> --
> Ing. Ivan Noris
> Consultant
> Evolveum, s.r.o
> ___________________________________________________
> "Semper cautus - semper paratus - semper idem Vix."
From dnataraj at trilobytesystems.com Tue Jan 7 16:55:59 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Tue, 07 Jan 2014 16:55:59 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
Message-ID: <52CC238F.9020401@trilobytesystems.com>
Hi -
I'm trying to figure out how to implement group membership for an Active
Directory resource.
We are using Midpoint 2.3-SNAPSHOT.
Is it still possible to execute this using the idea of LDAP groups
described here :
https://wiki.evolveum.com/display/midPoint/LDAP+Groups+HOWTO (since AD
supports LDAPv3)?
Does anyone have any working configuration they can share that they use
against Active Directory to provision users and also set up group
memberships?
Thanks in advance!
BR/Deepak
From ivan.noris at evolveum.com Tue Jan 7 17:23:10 2014
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Tue, 07 Jan 2014 17:23:10 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CC238F.9020401@trilobytesystems.com>
References: <52CC238F.9020401@trilobytesystems.com>
Message-ID: <52CC29EE.3090306@evolveum.com>
Hi Deepak,
I'm using the Active Directory connector to manage accounts in AD, and a
mapping which assigns user to groups. I didn't have to change resource
schema to use groups; it is available out of the box.
The mapping is for the icfs:groups attribute and midPoint 2.2.x,
although it should still be the same for 2.3.
I've adapted this from actual customer configuration, removing the
customer-specific code, but leaving the XML comments for you:
icfs:groups
Groups
true
true
true
true
mr:stringIgnoreCase
strong
$user/employeeType
You may need to use our versions of Connector Server and Active
Directory connector, there were some case-sensitivity issues in the
original versions (causing groups like "cn=group1,... and CN=group1" to
cause problems):
http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/ActiveDirectory.Connector/1.0.0.20069/
http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/openicf-dotnet/1.4.0.20081/
And update your resource configuration:
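false
. . .
This is the combination I currently use and seems to work well.
Hope this helps,
regards,
Ivan
> Hi -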
>
> I'm trying to figure out how to implement group membership for an Active
> Directory resource.
>
> We are using Midpoint 2.3-SNAPSHOT.
>
> Is it still possible to execute this using the idea of LDAP groups
> described here :
> https://wiki.evolveum.com/display/midPoint/LDAP+Groups+HOWTO (since AD
> supports LDAPv3)?
>
> Does anyone have any working configuration they can share that they use
> against Active Directory to provision users and also set up group
> memberships?
>
> Thanks in advance!
> BR/Deepak
>
--
Ing. Ivan Noris
Consultant
Evolveum, s.r.o
___________________________________________________
"Semper cautus - semper paratus - semper idem Vix."
From dnataraj at trilobytesystems.com Tue Jan 7 17:39:49 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Tue, 07 Jan 2014 17:39:49 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CC29EE.3090306@evolveum.com>
References: <52CC238F.9020401@trilobytesystems.com>
<52CC29EE.3090306@evolveum.com>
Message-ID: <52CC2DD5.4010209@trilobytesystems.com>
Thank you very much Ivan, I will try this out.
Could you also please show me the namespace declaration for mr: ?
mr:stringIgnoreCase
I'm also curious about one other thing - how is reconciliation with AD
performing for you? I am trying to reconcile approx 5600 users between
Midpoint and AD, and this is typically taking our Midpoint installation
about 5 hours to complete (!). Of course, I have various scripting hooks
and a before-create vbs script for AD (that creates OU containers if
they don't exist for the users - but I can see that this takes at most a
second or two from the connector server logs)
Thanks!
BR/Deepak
> Ivan Noris
> January 7, 2014 at 5:23 PM
> Hi Deepak,
>
> I'm using the Active Directory connector to manage accounts in AD, and a
> mapping which assigns user to groups. I didn't have to change resource
> schema to use groups; it is available out of the box.
>
> The mapping is for the icfs:groups attribute and midPoint 2.2.x,
> although it should still be the same for 2.3.
>
> I've adapted this from actual customer configuration, removing the
> customer-specific code, but leaving the XML comments for you:
>
>
> icfs:groups
> Groups
>
>
>
> true
> true
> true
>
>
>
>
> true
> mr:stringIgnoreCase
>
> strong
>
> $user/employeeType
>
>
>
>
>
>
>
> You may need to use our versions of Connector Server and Active
> Directory connector, there were some case-sensitivity issues in the
> original versions (causing groups like "cn=group1,... and CN=group1" to
> cause problems):
>
> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/ActiveDirectory.Connector/1.0.0.20069/
>
> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/openicf-dotnet/1.4.0.20081/
>
> And update your resource configuration:
>
>
>
>
> false
>
>
>
>
> . . .
>
> This is the combination I currently use and seems to work well.
>
> Hope this helps,
> regards,
> Ivan
From ivan.noris at evolveum.com Wed Jan 8 10:48:17 2014
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 08 Jan 2014 10:48:17 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CC2DD5.4010209@trilobytesystems.com>
References: <52CC238F.9020401@trilobytesystems.com> <52CC29EE.3090306@evolveum.com>
<52CC2DD5.4010209@trilobytesystems.com>
Message-ID: <52CD1EE1.5060108@evolveum.com>
Hi Deepak,
On 01/07/2014 05:39 PM, Deepak Natarajan wrote:
>
> Thank you very much Ivan, I will try this out.
>
> Could you also please show me the namespace declaration for mr: ?
>
> mr:stringIgnoreCase
>
Of course, sorry. Please refer to
https://wiki.evolveum.com/display/midPoint/XML+Namespace+List if there
are some other namespaces. The "mr" prefix is defined in my resource as:
xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-2".
> I'm also curious about one other thing - how is reconciliation with AD
> performing for you? I am trying to reconcile approx 5600 users between
> Midpoint and AD, and this is typically taking our Midpoint
> installation about 5 hours to complete (!). Of course, I have various
> scripting hooks and a before-create vbs script for AD (that creates OU
> containers if they don't exist for the users - but I can see that this
> takes at most a second or two from the connector server logs)
>
My customer AD recon performance is roughly the same (using 2.2.x
branch). During initial reconciliation (no users linked with AD
accounts; creating users in midPoint for unmatched accounts) the
performance is ca. 500 accounts / 10 minutes.
I'm just discussing with my colleagues how to set up the logging/profiling
on your side to investigate the performance further.
Regards,
Ivan
--
Ing. Ivan Noris
Consultant
Evolveum, s.r.o
___________________________________________________
"Semper cautus - semper paratus - semper idem Vix."
From suta.erik at gmail.com Wed Jan 8 11:20:33 2014
From: suta.erik at gmail.com (Erik Šuta)
Date: Wed, 8 Jan 2014 11:20:33 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CC2DD5.4010209@trilobytesystems.com>
References: <52CC238F.9020401@trilobytesystems.com>
<52CC29EE.3090306@evolveum.com>
<52CC2DD5.4010209@trilobytesystems.com>
Message-ID:
Hi Deepak,
MidPoint performance is an aspect that still needs a lot of work, but we
have spent a significant amount of time on its improvements during last
releases. In last release, we have integrated a very simple profiling tool
to midPoint and I would like to ask you to use this tool during AD
reconciliation and provide results for further analysis. If possible, we
would like you to perform following measurements:
1.) Entry/Exit cycle measurement:
Please, refer to
https://wiki.evolveum.com/display/midPoint/Administration+Interface#AdministrationInterface-LoggingConfiguration
to turn on Entry/Exit profiling during AD reconciliation. This profiling
performs method Entry/Exit analysis and it needs to be turned on for only
couple of seconds, so it can capture several single user reconciliation
processes.
2.) General Subsystem Profiling:
Please, refer to:
https://wiki.evolveum.com/display/midPoint/Administration+Interface#AdministrationInterface-ProfilingConfiguration
to configure general profiling. Just to be sure, check all subsystems
except "Workflow" and set Dump Interval to a couple of minutes (2-5) and
if possible, please run AD reconciliation for 15-30 minutes.
More on midPoint profiling concepts can also be found here:
https://wiki.evolveum.com/display/midPoint/Profiling+Concepts#
Results of measurements can be seen in 'idm-profile.log' file(s) in
/logs directory. Please provide these log file(s) so we can analyse
it(them), find bottleneck and improve performance.
P.S. If you have any problems or ideas using midPoint profiling, please
provide feedback since this feature is still in development and any user
feedback is much appreciated.
From vilo.repan at evolveum.com Wed Jan 8 11:47:36 2014
From: vilo.repan at evolveum.com (Viliam Repan)
Date: Wed, 08 Jan 2014 11:47:36 +0100
Subject: [midPoint] User interface changes
Message-ID: <52CD2CC8.8040805@evolveum.com>
Hello,
we've been working on user interface improvements during the last couple
of months here at Evolveum and yesterday all changes were pushed to master
(v2.3devel-815-g288a2d5). The most interesting changes compared to
previous version:
- we're using Twitter Bootstrap 3 with jQuery and LESS
- responsive, clean design, highly customizable
- system configuration editor was added
- better org. structure support, now view and editing available
- resource wizard (not yet finished)
*Warning:* We're working hard to find and fix bugs in user interface,
but there are still bugs and quirks (dragons and bombs), so use it with
caution.
Hopefully you'll like it and should you have any ideas how to improve
design or usability improvements, please let us know.
Cheers,
vilo
--
Ing. Viliam Repáň
Evolveum, s.r.o.
tel: +421 910 797978
mail: vilo.repan at evolveum.com
From dnataraj at trilobytesystems.com Wed Jan 8 13:04:27 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Wed, 08 Jan 2014 13:04:27 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CC29EE.3090306@evolveum.com>
References: <52CC238F.9020401@trilobytesystems.com>
<52CC29EE.3090306@evolveum.com>
Message-ID: <52CD3ECB.5000907@trilobytesystems.com>
Hi Ivan -
A quick question about returning groups :
How do I return multiple groups...are they comma separated or?
If I have two group DN's to return :
cn=group1,ou=groups,ou=orgA
cn=group2,ou=groups,ou=depts,ou=orgB
can I return an array from within the script?
Thank you.
From dnataraj at trilobytesystems.com Wed Jan 8 13:05:32 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Wed, 08 Jan 2014 13:05:32 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To:
References: <52CC238F.9020401@trilobytesystems.com>
<52CC29EE.3090306@evolveum.com>
<52CC2DD5.4010209@trilobytesystems.com>
Message-ID: <52CD3F0C.1030504@trilobytesystems.com>
Hi Erik -
Thank you for your detailed email.
I will try to profile when I get a chance to run the reconciliation
again next and return to you with some results.
BR/Deepak
> Erik Šuta
> January 8, 2014 at 11:20 AM
> Hi Deepak,
>
> MidPoint performance is an aspect that still needs a lot of work, but
> we have spent
> a significant amount of time on its improvements during last releases.
> In last release,
> we have integrated a very simple profiling tool to midPoint and I
> would like to
> ask you to use this tool during AD reconciliation and provide results
> for further
> analysis. If possible, we would like you to perform following
> measurements:
>
> 1.) Entry/Exit cycle measurement:
> Please, refer to
> https://wiki.evolveum.com/display/midPoint/Administration+Interface#AdministrationInterface-LoggingConfiguration
>
> to turn on Entry/Exit profiling during AD reconciliation. This
> profiling performs method Entry/Exit
> analysis and it needs to be turned on for only couple of seconds, so
> it can capture several single
> user reconciliation processes.
>
> 2.) General Subsystem Profiling:
> Please, refer to:
> https://wiki.evolveum.com/display/midPoint/Administration+Interface#AdministrationInterface-ProfilingConfiguration
> to configure general profiling. Just to be sure, check all subsystems
> except "Workflow" and set Dump Interval
> to a couple of minutes (2-5) and if possible, please run AD
> reconciliation for 15-30 minutes.
>
> More on midPoint profiling concepts can also be found here:
> https://wiki.evolveum.com/display/midPoint/Profiling+Concepts#
>
> Results of measurements can be seen in 'idm-profile.log' file(s) in
> /logs directory. Please
> provide these log file(s) so we can analyse it(them), find bottleneck
> and improve performance.
>
> P.S. If you have any problems or ideas using midPoint profiling,
> please provide feedback since this
> feature is still in development and any user feedback is much
> appreciated.
>
>
>
From ivan.noris at evolveum.com Wed Jan 8 13:19:45 2014
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 08 Jan 2014 13:19:45 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CD3ECB.5000907@trilobytesystems.com>
References: <52CC238F.9020401@trilobytesystems.com> <52CC29EE.3090306@evolveum.com>
<52CD3ECB.5000907@trilobytesystems.com>
Message-ID: <52CD4261.4070207@evolveum.com>
Hi Deepak,
I'm doing it with the code based on the following (Groovy):
tmpOut = []
tmpOut.add('cn=group1,ou=groups,ou=orgA')
tmpOut.add('cn=group2,ou=groups,ou=depts,ou=orgB')
return tmpOut
Just be sure you are using the latest connector and connector server
(from our Nexus) and the setup mentioned earlier or you can have
problems when specifying the group name as "cn=group1,ou=..." and the
group is actually stored in AD and returned from its LDAP as
"CN=group1,OU=..."
Regards,
Ivan
On 01/08/2014 01:04 PM, Deepak Natarajan wrote:
>
> Hi Ivan -
>
> A quick question about returning groups :
>
> How do I return multiple groups...are they comma separated or?
>
> If I have two group DN's to return :
> cn=group1,ou=groups,ou=orgA
> cn=group2,ou=groups,ou=depts,ou=orgB
>
> can I return an array from within the script?
>
> Thank you.
--
Ing. Ivan Noris
Consultant
Evolveum, s.r.o
___________________________________________________
"Semper cautus - semper paratus - semper idem Vix."
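The case-sensitivity problem described in the message above, as an added illustration that is not part of the original message and is not midPoint or connector code. It compares the group DNs a mapping produces with the DNs AD returns, first by exact string match and then ignoring case, which is the behaviour the thread attributes to mr:stringIgnoreCase. The function names and the third group DN are constructed for the example.

```python
"""Added illustration: DN letter case and group-membership reconciliation."""


def membership_delta(desired, actual, normalize=lambda dn: dn):
    """Return (to_add, to_remove) needed to turn `actual` into `desired`.

    `normalize` maps a DN to its comparison key. The default (identity)
    models an exact, case-sensitive comparison.
    """
    desired_keys = {normalize(dn): dn for dn in desired}
    actual_keys = {normalize(dn): dn for dn in actual}
    to_add = sorted(dn for key, dn in desired_keys.items()
                    if key not in actual_keys)
    to_remove = sorted(dn for key, dn in actual_keys.items()
                       if key not in desired_keys)
    return to_add, to_remove


def ignore_case(dn):
    """Comparison key that ignores letter case (assumed equivalent to a
    string-ignore-case matching rule; it does not normalise whitespace
    or escaped characters inside the DN)."""
    return dn.casefold()


# What the mapping script returns (values taken from the thread).
DESIRED = [
    "cn=group1,ou=groups,ou=orgA",
    "cn=group2,ou=groups,ou=depts,ou=orgB",
]

# What AD hands back over LDAP: same groups, upper-case attribute types,
# plus one constructed stale membership that really should be removed.
ACTUAL = [
    "CN=group1,OU=groups,OU=orgA",
    "CN=group2,OU=groups,OU=depts,OU=orgB",
    "CN=oldgroup,OU=groups,OU=orgA",  # constructed sample value
]


def report():
    """Compute both deltas so the difference is visible side by side."""
    return {
        "exact": membership_delta(DESIRED, ACTUAL),
        "ignore_case": membership_delta(DESIRED, ACTUAL, ignore_case),
    }


if __name__ == "__main__":
    for mode, (to_add, to_remove) in report().items():
        print(mode)
        print("  add:   ", to_add)
        print("  remove:", to_remove)
```

With exact matching every group looks both missing and surplus, so each reconciliation would try to re-add and remove memberships that are already correct; ignoring case leaves only the genuinely stale membership.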
From dnataraj at trilobytesystems.com Wed Jan 8 15:54:37 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Wed, 08 Jan 2014 15:54:37 +0100
Subject: [midPoint] User interface changes
In-Reply-To: <52CD2CC8.8040805@evolveum.com>
References: <52CD2CC8.8040805@evolveum.com>
Message-ID: <52CD66AD.2080506@trilobytesystems.com>
Hi Viliam -
I'm just starting to use the new interface (looks nice!)
Do you wish us to keep track of errors we encounter, or report them
somewhere?
Cheers
Deepak
> Viliam Repan
> January 8, 2014 at 11:47 AM
> Hello,
>
> we've been working on user interface improvements during last couple
> months here at Evolveum and yesterday all changes were pushed to
> master (v2.3devel-815-g288a2d5). The most interesting changes compared
> to previous version:
> - we're using Twitter Bootstrap 3 with jQuery and LESS
> - responsive, clean design, highly customizable
> - system configuration editor was added
> - better org. structure support, now view and editing available
> - resource wizard (not yet finished)
>
> *Warning:* We're working hard to find and fix bugs in user
> interface, but there are still bugs and quirks (dragons and bombs), so
> use it with caution.
>
> Hopefully you'll like it and should you have any ideas how to improve
> design or usability improvements, please let us know.
>
> Cheers,
>
> vilo
> --
> Ing. Viliam Repán
> Evolveum, s.r.o.
>
> tel: +421 910 797978
> mail: vilo.repan at evolveum.com
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
From dnataraj at trilobytesystems.com Wed Jan 8 17:29:42 2014
From: dnataraj at trilobytesystems.com (Deepak Natarajan)
Date: Wed, 08 Jan 2014 17:29:42 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CD4261.4070207@evolveum.com>
References: <52CC238F.9020401@trilobytesystems.com> <52CC29EE.3090306@evolveum.com>
<52CD3ECB.5000907@trilobytesystems.com>
<52CD4261.4070207@evolveum.com>
Message-ID: <52CD7CF6.9090803@trilobytesystems.com>
Hi Ivan -
A quick (hopefully last) question about this issue - is it necessary
that the group should exist in AD already..or will Midpoint be able to
create them using the connector if they are not present? (I assumed the
latter and am running into an error...)
Thanks!
BR/Deepak
> Ivan Noris
> January 8, 2014 at 1:19 PM
> Hi Deepak,
>
> I'm doing it with the code based on the following (Groovy):
>
> tmpOut = []
> tmpOut.add('cn=group1,ou=groups,ou=orgA')
> tmpOut.add('cn=group2,ou=groups,ou=depts,ou=orgB')
> return tmpOut
>
> Just be sure you are using the latest connector and connector server
> (from our Nexus) and the setup mentioned earlier or you can have
> problems when specifying the group name as "cn=group1,ou=..." and the
> group is actually stored in AD and returned from its LDAP as
> "CN=group1,OU=..."
>
> Regards,
> Ivan
>
> On 01/08/2014 01:04 PM, Deepak Natarajan wrote:
>
> --
> Ing. Ivan Noris
> Consultant
> Evolveum, s.r.o
> ___________________________________________________
> "Semper cautus - semper paratus - semper idem Vix."
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> Deepak Natarajan
> January 8, 2014 at 1:04 PM
>
> Hi Ivan -
>
> A quick question about returning groups :
>
> How do I return multiple groups...are they comma separated or?
>
> If I have two group DN's to return :
> cn=group1,ou=groups,ou=orgA
> cn=group2,ou=groups,ou=depts,ou=orgB
>
> can I return an array from within the script?
>
> Thank you.
> Ivan Noris
> January 7, 2014 at 5:23 PM
> Hi Deepak,
>
> I'm using the Active Directory connector to manage accounts in AD, and a
> mapping which assigns user to groups. I didn't have to change resource
> schema to use groups; it is available out of the box.
>
> The mapping is for the icfs:groups attribute and midPoint 2.2.x,
> although it should still be the same for 2.3.
>
> I've adapted this from actual customer configuration, removing the
> customer-specific code, but leaving the XML comments for you:
>
>
> icfs:groups
> Groups
>
>
>
> true
> true
> true
>
>
>
>
> true
> mr:stringIgnoreCase
>
> strong
>
> $user/employeeType
>
>
>
>
>
>
>
> You may need to use our versions of Connector Server and Active
> Directory connector, there were some case-sensitivity issues in the
> original versions (causing groups like "cn=group1,... and CN=group1" to
> cause problems):
>
> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/ActiveDirectory.Connector/1.0.0.20069/
>
> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/openicf-dotnet/1.4.0.20081/
>
> And update your resource configuration:
>
>
>
>
> false
>
>
>
>
> . . .
>
> This is the combination I currently use and seems to work well.
>
> Hope this helps,
> regards,
> Ivan
>
> Deepak Natarajan
> January 7, 2014 at 4:55 PM
> Hi -
>
> I'm trying to figure out how to implement group membership for an Active
> Directory resource.
>
> We are using Midpoint 2.3-SNAPSHOT.
>
> Is it still possible to execute this using the idea of LDAP groups
> described here :
> https://wiki.evolveum.com/display/midPoint/LDAP+Groups+HOWTO (since AD
> supports LDAPv3)?
>
> Does anyone have any working configuration they can share that they use
> against Active Directory to provision users and also set up group
> memberships?
>
> Thanks in advance!
> BR/Deepak
>
From ivan.noris at evolveum.com Thu Jan 9 09:53:31 2014
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 09 Jan 2014 09:53:31 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CD7CF6.9090803@trilobytesystems.com>
References: <52CC238F.9020401@trilobytesystems.com> <52CC29EE.3090306@evolveum.com> <52CD3ECB.5000907@trilobytesystems.com> <52CD4261.4070207@evolveum.com>
<52CD7CF6.9090803@trilobytesystems.com>
Message-ID: <52CE638B.3010709@evolveum.com>
Hi Deepak,
On 01/08/2014 05:29 PM, Deepak Natarajan wrote:
>
> Hi Ivan -
>
> A quick (hopefully last) question about this issue - is it necessary
> that the group should exist in AD already..or will Midpoint be able to
> create them using the connector if they are not present? (I assumed
> the latter and am running into an error...)
the connector will not create the group automatically. But you can
create it in your before-add script, which is exactly the way I'm doing it.
My scenario:
- before add (and also before modify) script:
- create OU, in which the user is created (or moved to)
- create group, where the user should be if it does not already
exist (the group DN is based on user's attributes)
- after add (and also after modify) script:
- create home directory and set ownership
The icfs:groups mapping is generating the group DNs (based on user's
attributes) and expects that the before script has already created them.
Actually, I'm adding users to multiple groups, for some of them I expect
they had already existed before midPoint was installed and others are
created by our before script.
Regards,
Ivan
>
> Thanks!
>
> BR/Deepak
>> Ivan Noris
>> January 8, 2014 at 1:19 PM
>> Hi Deepak,
>>
>> I'm doing it with the code based on the following (Groovy):
>>
>> tmpOut = []
>> tmpOut.add('cn=group1,ou=groups,ou=orgA')
>> tmpOut.add('cn=group2,ou=groups,ou=depts,ou=orgB')
>> return tmpOut
>>
>> Just be sure you are using the latest connector and connector server
>> (from our Nexus) and the setup mentioned earlier or you can have
>> problems when specifying the group name as "cn=group1,ou=..." and the
>> group is actually stored in AD and returned from its LDAP as
>> "CN=group1,OU=..."
>>
>> Regards,
>> Ivan
>>
>> On 01/08/2014 01:04 PM, Deepak Natarajan wrote:
>>
>> --
>> Ing. Ivan Noris
>> Consultant
>> Evolveum, s.r.o
>> ___________________________________________________
>> "Semper cautus - semper paratus - semper idem Vix."
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> Deepak Natarajan
>> January 8, 2014 at 1:04 PM
>>
>> Hi Ivan -
>>
>> A quick question about returning groups :
>>
>> How do I return multiple groups...are they comma separated or?
>>
>> If I have two group DN's to return :
>> cn=group1,ou=groups,ou=orgA
>> cn=group2,ou=groups,ou=depts,ou=orgB
>>
>> can I return an array from within the script?
>>
>> Thank you.
>> Ivan Noris
>> January 7, 2014 at 5:23 PM
>> Hi Deepak,
>>
>> I'm using the Active Directory connector to manage accounts in AD, and a
>> mapping which assigns user to groups. I didn't have to change resource
>> schema to use groups; it is available out of the box.
>>
>> The mapping is for the icfs:groups attribute and midPoint 2.2.x,
>> although it should still be the same for 2.3.
>>
>> I've adapted this from actual customer configuration, removing the
>> customer-specific code, but leaving the XML comments for you:
>>
>>
>> icfs:groups
>> Groups
>>
>>
>>
>> true
>> true
>> true
>>
>>
>>
>>
>> true
>> mr:stringIgnoreCase
>>
>> strong
>>
>> $user/employeeType
>>
>>
>>
>>
>>
>>
>>
>> You may need to use our versions of Connector Server and Active
>> Directory connector, there were some case-sensitivity issues in the
>> original versions (causing groups like "cn=group1,... and CN=group1" to
>> cause problems):
>>
>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/ActiveDirectory.Connector/1.0.0.20069/
>>
>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/openicf-dotnet/1.4.0.20081/
>>
>> And update your resource configuration:
>>
>>
>>
>>
>> false
>>
>>
>>
>>
>> > . . .
>>
>> This is the combination I currently use and seems to work well.
>>
>> Hope this helps,
>> regards,
>> Ivan
>>
>> Deepak Natarajan
>> January 7, 2014 at 4:55 PM
>> Hi -
>>
>> I'm trying to figure out how to implement group membership for an Active
>> Directory resource.
>>
>> We are using Midpoint 2.3-SNAPSHOT.
>>
>> Is it still possible to execute this using the idea of LDAP groups
>> described here :
>> https://wiki.evolveum.com/display/midPoint/LDAP+Groups+HOWTO (since AD
>> supports LDAPv3)?
>>
>> Does anyone have any working configuration they can share that they use
>> against Active Directory to provision users and also set up group
>> memberships?
>>
>> Thanks in advance!
>> BR/Deepak
>>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Consultant
Evolveum, s.r.o
___________________________________________________
"Semper cautus - semper paratus - semper idem Vix."
From radovan.semancik at evolveum.com Thu Jan 9 10:13:18 2014
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 09 Jan 2014 10:13:18 +0100
Subject: [midPoint] Re. Group Membership in an AD Resource.
In-Reply-To: <52CD7CF6.9090803@trilobytesystems.com>
References: <52CC238F.9020401@trilobytesystems.com> <52CC29EE.3090306@evolveum.com> <52CD3ECB.5000907@trilobytesystems.com> <52CD4261.4070207@evolveum.com>
<52CD7CF6.9090803@trilobytesystems.com>
Message-ID: <52CE682E.20703@evolveum.com>
Hi,
This is a tricky question. For midPoint 2.2.x it is only possible using
provisioning scripts. But there is already functionality in the midPoint
2.3 development master that allows you to do what you want. You can
automatically create groups as a representation of midPoint roles or org
units so the groups will be created at the same time a role/org is
created - and that's guaranteed to be before a user is assigned to any
of these. Although we have only a handful of tests for this I'm quite
confident that it will work well because it is reusing the bulk of the
code that works well for users and accounts. The basic idea is described
here:
https://wiki.evolveum.com/display/midPoint/Generic+Synchronization
Simply speaking you need to do two things:
* Define an entitlement object type and appropriate associations in
resource schema handling section
* Add an *assignment* (not inducement!) to the org or role. Or create a
meta-role and assign that to the org/role for which you want to create a
group.
There is an example in the tests:
* resource with entitlement definition:
http://git.evolveum.com/view/midpoint/master/model/model-intest/src/test/resources/common/resource-dummy.xml
* meta-role:
http://git.evolveum.com/view/midpoint/master/model/model-intest/src/test/resources/gensync/role-meta-dummygroup.xml
I just need to document this functionality. I hope to find some time for
documentation later today.
--
Radovan Semancik
Software Architect
evolveum.com
On 01/08/2014 05:29 PM, Deepak Natarajan wrote:
>
> Hi Ivan -
>
> A quick (hopefully last) question about this issue - is it necessary
> that the group should exist in AD already..or will Midpoint be able to
> create them using the connector if they are not present? (I assumed
> the latter and am running into an error...)
>
> Thanks!
>
> BR/Deepak
>> Ivan Noris
>> January 8, 2014 at 1:19 PM
>> Hi Deepak,
>>
>> I'm doing it with the code based on the following (Groovy):
>>
>> tmpOut = []
>> tmpOut.add('cn=group1,ou=groups,ou=orgA')
>> tmpOut.add('cn=group2,ou=groups,ou=depts,ou=orgB')
>> return tmpOut
>>
>> Just be sure you are using the latest connector and connector server
>> (from our Nexus) and the setup mentioned earlier or you can have
>> problems when specifying the group name as "cn=group1,ou=..." and the
>> group is actually stored in AD and returned from its LDAP as
>> "CN=group1,OU=..."
>>
>> Regards,
>> Ivan
>>
>> On 01/08/2014 01:04 PM, Deepak Natarajan wrote:
>>
>> --
>> Ing. Ivan Noris
>> Consultant
>> Evolveum, s.r.o
>> ___________________________________________________
>> "Semper cautus - semper paratus - semper idem Vix."
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> Deepak Natarajan
>> January 8, 2014 at 1:04 PM
>>
>> Hi Ivan -
>>
>> A quick question about returning groups :
>>
>> How do I return multiple groups...are they comma separated or?
>>
>> If I have two group DN's to return :
>> cn=group1,ou=groups,ou=orgA
>> cn=group2,ou=groups,ou=depts,ou=orgB
>>
>> can I return an array from within the script?
>>
>> Thank you.
>> Ivan Noris
>> January 7, 2014 at 5:23 PM
>> Hi Deepak,
>>
>> I'm using the Active Directory connector to manage accounts in AD, and a
>> mapping which assigns user to groups. I didn't have to change resource
>> schema to use groups; it is available out of the box.
>>
>> The mapping is for the icfs:groups attribute and midPoint 2.2.x,
>> although it should still be the same for 2.3.
>>
>> I've adapted this from actual customer configuration, removing the
>> customer-specific code, but leaving the XML comments for you:
>>
>>
>> icfs:groups
>> Groups
>>
>>
>>
>> true
>> true
>> true
>>
>>
>>
>>
>> true
>> mr:stringIgnoreCase
>>
>> strong
>>
>> $user/employeeType
>>
>>
>>
>>
>>
>>
>>
>> You may need to use our versions of Connector Server and Active
>> Directory connector, there were some case-sensitivity issues in the
>> original versions (causing groups like "cn=group1,... and CN=group1" to
>> cause problems):
>>
>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/ActiveDirectory.Connector/1.0.0.20069/
>>
>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/openicf-dotnet/1.4.0.20081/
>>
>> And update your resource configuration:
>>
>>
>>
>>
>> false
>>
>>
>>
>>
>> > . . .
>>
>> This is the combination I currently use and seems to work well.
>>
>> Hope this helps,
>> regards,
>> Ivan
>>
>> Deepak Natarajan
>> January 7, 2014 at 4:55 PM
>> Hi -
>>
>> I'm trying to figure out how to implement group membership for an Active
>> Directory resource.
>>
>> We are using Midpoint 2.3-SNAPSHOT.
>>
>> Is it still possible to execute this using the idea of LDAP groups
>> described here :
>> https://wiki.evolveum.com/display/midPoint/LDAP+Groups+HOWTO (since AD
>> supports LDAPv3)?
>>
>> Does anyone have any working configuration they can share that they use
>> against Active Directory to provision users and also set up group
>> memberships?
>>
>> Thanks in advance!
>> BR/Deepak
>>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
From radovan.semancik at evolveum.com Thu Jan 9 10:20:32 2014
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 09 Jan 2014 10:20:32 +0100
Subject: [midPoint] Re. Referring to resource variable inside expression.
In-Reply-To: <52C5739B.5060007@trilobytesystems.com>
References: <52C56EAA.3010605@trilobytesystems.com> <52C571B4.9080201@evolveum.com>
<52C5739B.5060007@trilobytesystems.com>
Message-ID: <52CE69E0.5090901@evolveum.com>
Hi,
You cannot access $account in object templates. There are several
reasons for this. And as you are not the first to ask this question I
have added an answer to our documentation:
https://wiki.evolveum.com/display/midPoint/Object+Template
Object template works just with a single object which is typically a
user. Therefore it only has the data from this object and no other
objects. It means that variables such as |$account| cannot be used in an
object template. The reason for this is the separation of concerns
principle. We try to design each component or mechanism in midPoint to
do a single thing. This allows us a significant development advantage
(debugging, testing) and also provides better code reusability. The
power of midPoint is to have simple principles (such as object template)
that are used over and over again and combined with other simple
principles (such as inbound/outbound mappings) to create a flexible and
comprehensive solution.
There is also another reason for *not* including account in object
templates. The object template may be used even if the account is not
available, e.g. when user is changed from the GUI. MidPoint is using
relative changes, therefore it is not always required to read all the
accounts to process a change. And in fact the account may not even be
available (e.g. because resource is temporarily down). Therefore it
would be very inconvenient and inefficient if account attributes were
used in object templates.
Therefore if a property from an account (or other object) is needed in
an object template there are several ways how to do it:
* Use inbound mappings instead. Inbound mappings can compute the value
and place it directly in the user property. Inbound mappings can see
both the account and the user. And midPoint can make sure that these
mappings are executed at the right moment and are not executed when
not needed. E.g. the mappings will be executed only when midPoint
detects a change on the resource.
* Use a combination of inbound mappings, extended user properties and
object template. Use object template to do the computation. Use
inbound mappings to copy data from account to the user extended
properties (|extension| part of user object). Then use the extended
properties as input in the user template. This works around the
separation of concerns boundaries. And as the extended properties are
stored with the user in midPoint repository they are always available
without the need to read the account all the time. Inbound mappings
will make sure that these data are as fresh as possible.
--
Radovan Semancik
Software Architect
evolveum.com
On 01/02/2014 03:11 PM, Deepak Natarajan wrote:
>
>
> Hi Ivan -
>
> Thanks - I tried with $c:input and it worked.
>
> It's a bit weird since in an object template (which I use for
> post-creation assignments etc), doing it like this worked :
>
>
>
> varname
> varpath
>
>
>
>
>
> seems to work, but this fails when I try something similar in a
> resource configuration...though it is quite possible my varpath had
> an error in it...(i used $account/attributes/ri:var)
>
> but using 'input' works, thanks!
>> Ivan Noris
>> January 2, 2014 at 4:03 PM
>> Hi Deepak,
>>
>> just a blind shot - try to use implicit variable named "input" (it is
>> mapped to the "source" of the inbound expression, in your case,
>> ri:orgdesc).
>>
>> See an example (adapted from my customer's resource) written in
>> Groovy (not XPath):
>>
>>
>> ri:orgUnitHierarchy
>> Organizational Hierarchy
>> read
>>
>>
>>
>>
>>
>> $user/extension/mycustomer:ouPath
>>
>>
>>
>>
>> I do not use XPath in expressions unless absolutely necessary because
>> the debugging is quite _challenging_ ;) and it's lot easier to debug
>> Groovy statements.
>>
>> Regards,
>> Ivan
>>
>> On 01/02/2014 02:50 PM, Deepak Natarajan wrote:
>>
>> --
>> Ing. Ivan Noris
>> Consultant
>> Evolveum, s.r.o
>> ___________________________________________________
>> "Semper cautus - semper paratus - semper idem Vix."
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> Deepak Natarajan
>> January 2, 2014 at 3:50 PM
>>
>> Hi -
>>
>> I'm struggling with a simple evaluation (I've removed namespace
>> declarations for readability) :
>>
>>
>> ri:orgdesc
>>
>>
>>
>>
>>
>> $user/extension/apos:aposUnitAttributes
>>
>>
>>
>>
>> I've tried everything, but the variable passed to the XPath tokenize
>> function is always nil (I know the function works correctly, since I
>> use it elsewhere, and using a literal string above produces the
>> correct results)
>>
>> I've tried including a before the expression with an
>> explicit but that doesn't seem to work either.
>>
>> Thanks for any input! - I'm using build Version: 2.3-SNAPSHOT,
>> describe: git-v2.3devel-383-g6ef8f72
>>
>> BR/Deepak
>>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
From vilo.repan at evolveum.com Thu Jan 9 12:45:49 2014
From: vilo.repan at evolveum.com (Viliam Repan)
Date: Thu, 09 Jan 2014 12:45:49 +0100
Subject: [midPoint] User interface changes
In-Reply-To: <52CD66AD.2080506@trilobytesystems.com>
References: <52CD2CC8.8040805@evolveum.com>
<52CD66AD.2080506@trilobytesystems.com>
Message-ID: <52CE8BED.9060503@evolveum.com>
Hi Deepak,
we're glad to hear that, you can report bugs to Jira as usual (also you
can merge more bugs into one jira to save time).
Please assign every Jira issue from gui testing to me, I'll review and
fix it or reassign to responsible developer.
Cheers,
Vilo
On 01/08/2014 03:54 PM, Deepak Natarajan wrote:
>
> Hi Viliam -
>
> I'm just starting to use the new interface (looks nice!)
>
> Do you wish us to keep track of errors we encounter, or report them
> somewhere?
>
> Cheers
> Deepak
>
>> Viliam Repan
>> January 8, 2014 at 11:47 AM
>> Hello,
>>
>> we've been working on user interface improvements during last couple
>> months here at Evolveum and yesterday all changes were pushed to
>> master (v2.3devel-815-g288a2d5). The most interesting changes
>> compared to previous version:
>> - we're using Twitter Bootstrap 3 with jQuery and LESS
>> - responsive, clean design, highly customizable
>> - system configuration editor was added
>> - better org. structure support, now view and editing available
>> - resource wizard (not yet finished)
>>
>> *Warning:* We're working hard to find and fix bugs in user
>> interface, but there are still bugs and quirks (dragons and bombs),
>> so use it with caution.
>>
>> Hopefully you'll like it and should you have any ideas how to improve
>> design or usability improvements, please let us know.
>>
>> Cheers,
>>
>> vilo
>> --
>> Ing. Viliam Repán
>> Evolveum, s.r.o.
>>
>> tel: +421 910 797978
>> mail: vilo.repan at evolveum.com
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Viliam Repán
Evolveum, s.r.o.
tel: +421 910 797978
mail: vilo.repan at evolveum.com
From lucie.bittnerova at ami.cz Mon Jan 13 14:48:51 2014
From: lucie.bittnerova at ami.cz (Lucie Rút Bittnerová)
Date: Mon, 13 Jan 2014 14:48:51 +0100
Subject: [midPoint] Midpoint snapshot vs. AD connector
Message-ID: <52D3EEC3.8050805@ami.cz>
Hi,
I have tried the last repository midpoint version, but it didn't load to
the Tomcat with this exception:
2014-01-13 12:09:43,884 [localhost-startStop-1] ERROR
(org.springframework.web.context.ContextLoader): Context initialization
failed
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'generalChangeProcessor': Invocation of init method
failed; nested exception is
com.evolveum.midpoint.util.exception.SystemException: There's no
generalChangeProcessorConfiguration element in generalChangeProcessor
configuration.
So I downloaded a bit older version
(6a8eba40655dc9dcb400932370a1506d858d06da) but there I have a problem
that I cannot connect to the AD using the configuration, which worked
for me with the midpoint version from the beginning of November. Is it
some bug or do I have to change my configuration to get it working?
Thanks,
Lucie Rut Bittnerova
UCF connector initialization
* org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
na objekt není nastaven na instanci objektu.)
* _Context:_ connector:
connector:ad911768-ad4a-458d-b829-22f042d226a9(ICF
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
v1.0.0.20069 @ICF Connector server on 10.0.0.35:8759)
* _Context:_ implementationClass: class
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl
* _Cause:_
org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
na objekt není nastaven na instanci objektu.)
|
com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException: org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
na objekt není nastaven na instanci objektu.)
at
com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil.processIcfException(IcfUtil.java:217)
at
com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil.processIcfException(IcfUtil.java:73)
at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.retrieveResourceSchema(ConnectorInstanceIcfImpl.java:546)
at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize_aroundBody4(ConnectorInstanceIcfImpl.java:446)
at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure5.run(ConnectorInstanceIcfImpl.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:192)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:92)
at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize(ConnectorInstanceIcfImpl.java:426)
at
com.evolveum.midpoint.provisioning.impl.ConnectorManager.createConfiguredConnectorInstance(ConnectorManager.java:161)
at
com.evolveum.midpoint.provisioning.impl.ConnectorManager.getConfiguredConnectorInstance(ConnectorManager.java:128)
at
com.evolveum.midpoint.provisioning.impl.ResourceManager.getConnectorInstance(ResourceManager.java:823)
at
com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource(ResourceManager.java:256)
at
com.evolveum.midpoint.provisioning.impl.ResourceManager.putToCache(ResourceManager.java:156)
at
com.evolveum.midpoint.provisioning.impl.ResourceManager.getResource(ResourceManager.java:150)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.getObject_aroundBody0(ProvisioningServiceImpl.java:193)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure1.run(ProvisioningServiceImpl.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:192)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:82)
at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.getObject(ProvisioningServiceImpl.java:144)
at
com.evolveum.midpoint.model.ModelObjectResolver.getObject(ModelObjectResolver.java:138)
at
com.evolveum.midpoint.model.controller.ModelController.getObject_aroundBody0(ModelController.java:229)
at
com.evolveum.midpoint.model.controller.ModelController$AjcClosure1.run(ModelController.java:1)
at
org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:192)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
at
com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:77)
at
com.evolveum.midpoint.model.controller.ModelController.getObject(ModelController.java:207)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at
org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:435)
at $Proxy176.getObject(Unknown Source)
at
com.evolveum.midpoint.web.page.admin.resources.PageAdminResources.loadResource(PageAdminResources.java:66)
at
com.evolveum.midpoint.web.page.admin.resources.PageResource.loadResourceDto(PageResource.java:97)
at
com.evolveum.midpoint.web.page.admin.resources.PageResource.access$0(PageResource.java:88)
at
com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:82)
at
com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:1)
at
com.evolveum.midpoint.web.component.util.LoadableModel.getObject(LoadableModel.java:46)
at
com.evolveum.midpoint.web.page.admin.resources.PageResource.testConnectionPerformed(PageResource.java:301)
at
com.evolveum.midpoint.web.page.admin.resources.PageResource.access$2(PageResource.java:300)
at
com.evolveum.midpoint.web.page.admin.resources.PageResource$11.onClick(PageResource.java:273)
at
org.apache.wicket.ajax.markup.html.AjaxLink$1.onEvent(AjaxLink.java:86)
at
org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:123)
at
org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:626)
at sun.reflect.GeneratedMethodAccessor507.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at
org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258)
at
org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241)
at
org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:247)
at
org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:226)
at
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:861)
at
org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
at
org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
at
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
at
org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
at
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
at
org.atmosphere.util.AtmosphereFilterChain.doFilter(AtmosphereFilterChain.java:155)
at
org.atmosphere.util.AtmosphereFilterChain.invokeFilterChain(AtmosphereFilterChain.java:132)
at
org.atmosphere.handler.ReflectorServletProcessor$FilterChainServletWrapper.service(ReflectorServletProcessor.java:314)
at
org.atmosphere.handler.ReflectorServletProcessor.onRequest(ReflectorServletProcessor.java:172)
at
org.atmosphere.cpr.AsynchronousProcessor.action(AsynchronousProcessor.java:259)
at
org.atmosphere.cpr.AsynchronousProcessor.suspended(AsynchronousProcessor.java:166)
at
org.atmosphere.container.BlockingIOCometSupport.service(BlockingIOCometSupport.java:101)
at
org.atmosphere.container.Tomcat7BIOSupportWithWebSocket.doService(Tomcat7BIOSupportWithWebSocket.java:65)
at
org.atmosphere.container.TomcatWebSocketUtil.doService(TomcatWebSocketUtil.java:87)
at
org.atmosphere.container.Tomcat7BIOSupportWithWebSocket.service(Tomcat7BIOSupportWithWebSocket.java:61)
at
org.atmosphere.cpr.AtmosphereFramework.doCometSupport(AtmosphereFramework.java:1441)
at
org.atmosphere.cpr.AtmosphereServlet.doPost(AtmosphereServlet.java:296)
at
org.atmosphere.cpr.AtmosphereServlet.doGet(AtmosphereServlet.java:282)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
From mederly at evolveum.com Mon Jan 13 15:02:28 2014
From: mederly at evolveum.com (Pavol Mederly)
Date: Mon, 13 Jan 2014 15:02:28 +0100
Subject: [midPoint] Midpoint snapshot vs. AD connector
In-Reply-To: <52D3EEC3.8050805@ami.cz>
References: <52D3EEC3.8050805@ami.cz>
Message-ID: <52D3F1F4.8090801@evolveum.com>
Hello, Lucie,
I'm sorry, it's my fault. It'll be fixed in a moment.
Regards,
Pavol
> Hi,
>
> I have tried the last repository midpoint version, but it didn't load
> to the Tomcat with this exception:
>
> 2014-01-13 12:09:43,884 [localhost-startStop-1] ERROR
> (org.springframework.web.context.ContextLoader): Context
> initialization failed
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'generalChangeProcessor': Invocation of init
> method failed; nested exception is
> com.evolveum.midpoint.util.exception.SystemException: There's no
> generalChangeProcessorConfiguration element in generalChangeProcessor
> configuration.
>
> So I downloaded a bit older version
> (6a8eba40655dc9dcb400932370a1506d858d06da) but there I have a problem
> that I cannot connect to the AD using the configuration, which worked
> for me with the midpoint version from the beginning of November. Is it
> some bug or have I to change my configuration to get it working?
>
> Thanks,
> Lucie Rut Bittnerova
>
>
> UCF connector initialization
>
> * org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
> na objekt není nastaven na instanci objektu.)
> * _Context:_ connector:
> connector:ad911768-ad4a-458d-b829-22f042d226a9(ICF
> Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
> v1.0.0.20069 @ICF Connector server on 10.0.0.35:8759)
> * _Context:_ implementationClass: class
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl
> * _Cause:_
>
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
> na objekt není nastaven na instanci objektu.)
>
> com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException:
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
> na objekt není nastaven na instanci objektu.)
From pavol.mederly at gmail.com Mon Jan 13 15:41:11 2014
From: pavol.mederly at gmail.com (Pavol Mederly)
Date: Mon, 13 Jan 2014 15:41:11 +0100
Subject: [midPoint] Midpoint snapshot vs. AD connector
In-Reply-To: <52D3EEC3.8050805@ami.cz>
References: <52D3EEC3.8050805@ami.cz>
Message-ID: <52D3FB07.4080505@gmail.com>
Hello Lucie,
the snapshot should now work - the version is v2.3devel-877-geb216d9.
As for the other (AD-related) error, I cannot say why it occurred. If it
happens again, please let us know.
Best regards,
Pavol
On 13. 1. 2014 14:48, Lucie Rút Bittnerová wrote:
> Hi,
>
> I have tried the last repository midpoint version, but it didn't load
> to the Tomcat with this exception:
>
> 2014-01-13 12:09:43,884 [localhost-startStop-1] ERROR
> (org.springframework.web.context.ContextLoader): Context
> initialization failed
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'generalChangeProcessor': Invocation of init
> method failed; nested exception is
> com.evolveum.midpoint.util.exception.SystemException: There's no
> generalChangeProcessorConfiguration element in generalChangeProcessor
> configuration.
>
> So I downloaded a bit older version
> (6a8eba40655dc9dcb400932370a1506d858d06da) but there I have a problem
> that I cannot connect to the AD using the configuration, which worked
> for me with the midpoint version from the beginning of November. Is it
> some bug or have I to change my configuration to get it working?
>
> Thanks,
> Lucie Rut Bittnerova
>
>
> UCF connector initialization
>
> * org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
> na objekt není nastaven na instanci objektu.)
> * _Context:_ connector:
> connector:ad911768-ad4a-458d-b829-22f042d226a9(ICF
> Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
> v1.0.0.20069 @ICF Connector server on 10.0.0.35:8759)
> * _Context:_ implementationClass: class
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl
> * _Cause:_
>
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
> na objekt není nastaven na instanci objektu.)
>
> com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException:
> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
> na objekt není nastaven na instanci objektu.)
> at
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:861)
> at
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> at
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> at
> org.atmosphere.util.AtmosphereFilterChain.doFilter(AtmosphereFilterChain.java:155)
> at
> org.atmosphere.util.AtmosphereFilterChain.invokeFilterChain(AtmosphereFilterChain.java:132)
> at
> org.atmosphere.handler.ReflectorServletProcessor$FilterChainServletWrapper.service(ReflectorServletProcessor.java:314)
> at
> org.atmosphere.handler.ReflectorServletProcessor.onRequest(ReflectorServletProcessor.java:172)
> at
> org.atmosphere.cpr.AsynchronousProcessor.action(AsynchronousProcessor.java:259)
> at
> org.atmosphere.cpr.AsynchronousProcessor.suspended(AsynchronousProcessor.java:166)
> at
> org.atmosphere.container.BlockingIOCometSupport.service(BlockingIOCometSupport.java:101)
> at
> org.atmosphere.container.Tomcat7BIOSupportWithWebSocket.doService(Tomcat7BIOSupportWithWebSocket.java:65)
> at
> org.atmosphere.container.TomcatWebSocketUtil.doService(TomcatWebSocketUtil.java:87)
> at
> org.atmosphere.container.Tomcat7BIOSupportWithWebSocket.service(Tomcat7BIOSupportWithWebSocket.java:61)
> at
> org.atmosphere.cpr.AtmosphereFramework.doCometSupport(AtmosphereFramework.java:1441)
> at
> org.atmosphere.cpr.AtmosphereServlet.doPost(AtmosphereServlet.java:296)
> at
> org.atmosphere.cpr.AtmosphereServlet.doGet(AtmosphereServlet.java:282)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> at
> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:722)
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
From lucie.bittnerova at ami.cz Wed Jan 15 13:57:16 2014
From: lucie.bittnerova at ami.cz (Lucie Rút Bittnerová)
Date: Wed, 15 Jan 2014 13:57:16 +0100
Subject: [midPoint] Midpoint snapshot vs. AD connector
In-Reply-To: <52D3FB07.4080505@gmail.com>
References: <52D3EEC3.8050805@ami.cz> <52D3FB07.4080505@gmail.com>
Message-ID: <52D685AC.8010107@ami.cz>
Hello,
unfortunately the AD error is deterministic, it occurs every time.
Lucie
On 13.1.2014 15:41, Pavol Mederly wrote:
> Hello Lucie,
>
> the snapshot should now work - the version is v2.3devel-877-geb216d9.
>
> As for the other (AD-related) error, I cannot say why it occurred. If
> it happens again, please let us know.
>
> Best regards,
> Pavol
>
>
> On 13. 1. 2014 14:48, Lucie Rút Bittnerová wrote:
>> Hi,
>>
>> I have tried the last repository midpoint version, but it didn't load
>> to the Tomcat with this exception:
>>
>> 2014-01-13 12:09:43,884 [localhost-startStop-1] ERROR
>> (org.springframework.web.context.ContextLoader): Context
>> initialization failed
>> org.springframework.beans.factory.BeanCreationException: Error
>> creating bean with name 'generalChangeProcessor': Invocation of init
>> method failed; nested exception is
>> com.evolveum.midpoint.util.exception.SystemException: There's no
>> generalChangeProcessorConfiguration element in generalChangeProcessor
>> configuration.
>>
>> So I downloaded a bit older version
>> (6a8eba40655dc9dcb400932370a1506d858d06da) but there I have a problem
>> that I cannot connect to the AD using the configuration, which worked
>> for me with the midpoint version from the beginning of November. Is
>> it some bug or have I to change my configuration to get it working?
>>
>> Thanks,
>> Lucie Rut Bittnerova
>>
>>
>> UCF connector initialization
>>
>> * org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
>> na objekt není nastaven na instanci objektu.)
>> * _Context:_ connector:
>> connector:ad911768-ad4a-458d-b829-22f042d226a9(ICF
>> Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
>> v1.0.0.20069 @ICF Connector server on 10.0.0.35:8759)
>> * _Context:_ implementationClass: class
>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl
>> * _Cause:_
>>
>> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
>> na objekt není nastaven na instanci objektu.)
>>
From pavol.mederly at gmail.com Wed Jan 15 15:21:09 2014
From: pavol.mederly at gmail.com (Pavol Mederly)
Date: Wed, 15 Jan 2014 15:21:09 +0100
Subject: [midPoint] Midpoint snapshot vs. AD connector
In-Reply-To: <52D685AC.8010107@ami.cz>
References: <52D3EEC3.8050805@ami.cz> <52D3FB07.4080505@gmail.com>
<52D685AC.8010107@ami.cz>
Message-ID: <52D69955.1010602@gmail.com>
Hello Lucie,
could you please send me (to mederly at evolveum.com) the log from the .Net
Connector Server? From the stack trace here I cannot determine the reason.
Regards,
Pavol
On 15. 1. 2014 13:57, Lucie Rút Bittnerová wrote:
> Hello,
>
> unfortunately the AD error is deterministic, it occurs every time.
>
> Lucie
>
> On 13.1.2014 15:41, Pavol Mederly wrote:
>> Hello Lucie,
>>
>> the snapshot should now work - the version is v2.3devel-877-geb216d9.
>>
>> As for the other (AD-related) error, I cannot say why it occurred. If
>> it happens again, please let us know.
>>
>> Best regards,
>> Pavol
>>
>>
>> On 13. 1. 2014 14:48, Lucie Rút Bittnerová wrote:
>>> Hi,
>>>
>>> I have tried the last repository midpoint version, but it didn't
>>> load to the Tomcat with this exception:
>>>
>>> 2014-01-13 12:09:43,884 [localhost-startStop-1] ERROR
>>> (org.springframework.web.context.ContextLoader): Context
>>> initialization failed
>>> org.springframework.beans.factory.BeanCreationException: Error
>>> creating bean with name 'generalChangeProcessor': Invocation of init
>>> method failed; nested exception is
>>> com.evolveum.midpoint.util.exception.SystemException: There's no
>>> generalChangeProcessorConfiguration element in
>>> generalChangeProcessor configuration.
>>>
>>> So I downloaded a bit older version
>>> (6a8eba40655dc9dcb400932370a1506d858d06da) but there I have a
>>> problem that I cannot connect to the AD using the configuration,
>>> which worked for me with the midpoint version from the beginning of
>>> November. Is it some bug or have I to change my configuration to get
>>> it working?
>>>
>>> Thanks,
>>> Lucie Rut Bittnerova
>>>
>>>
>>> UCF connector initialization
>>>
>>> * org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
>>> na objekt není nastaven na instanci objektu.)
>>> * _Context:_ connector:
>>> connector:ad911768-ad4a-458d-b829-22f042d226a9(ICF
>>> Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
>>> v1.0.0.20069 @ICF Connector server on 10.0.0.35:8759)
>>> * _Context:_ implementationClass: class
>>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl
>>> * _Cause:_
>>>
>>> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
>>> na objekt není nastaven na instanci objektu.)
>>>
>>> com.evolveum.midpoint.provisioning.ucf.api.GenericFrameworkException:
>>> org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(Odkaz
>>> na objekt není nastaven na instanci objektu.)
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil.processIcfException(IcfUtil.java:217)
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil.processIcfException(IcfUtil.java:73)
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.retrieveResourceSchema(ConnectorInstanceIcfImpl.java:546)
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize_aroundBody4(ConnectorInstanceIcfImpl.java:446)
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$AjcClosure5.run(ConnectorInstanceIcfImpl.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:192)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processUcfNdc(MidpointAspect.java:92)
>>> at
>>> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.initialize(ConnectorInstanceIcfImpl.java:426)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ConnectorManager.createConfiguredConnectorInstance(ConnectorManager.java:161)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ConnectorManager.getConfiguredConnectorInstance(ConnectorManager.java:128)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceManager.getConnectorInstance(ResourceManager.java:823)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource(ResourceManager.java:256)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceManager.putToCache(ResourceManager.java:156)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ResourceManager.getResource(ResourceManager.java:150)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.getObject_aroundBody0(ProvisioningServiceImpl.java:193)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure1.run(ProvisioningServiceImpl.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:192)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:82)
>>> at
>>> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.getObject(ProvisioningServiceImpl.java:144)
>>> at
>>> com.evolveum.midpoint.model.ModelObjectResolver.getObject(ModelObjectResolver.java:138)
>>> at
>>> com.evolveum.midpoint.model.controller.ModelController.getObject_aroundBody0(ModelController.java:229)
>>> at
>>> com.evolveum.midpoint.model.controller.ModelController$AjcClosure1.run(ModelController.java:1)
>>> at
>>> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:192)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
>>> at
>>> com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:77)
>>> at
>>> com.evolveum.midpoint.model.controller.ModelController.getObject(ModelController.java:207)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:601)
>>> at
>>> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:435)
>>> at $Proxy176.getObject(Unknown Source)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageAdminResources.loadResource(PageAdminResources.java:66)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageResource.loadResourceDto(PageResource.java:97)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageResource.access$0(PageResource.java:88)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:82)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageResource$1.load(PageResource.java:1)
>>> at
>>> com.evolveum.midpoint.web.component.util.LoadableModel.getObject(LoadableModel.java:46)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageResource.testConnectionPerformed(PageResource.java:301)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageResource.access$2(PageResource.java:300)
>>> at
>>> com.evolveum.midpoint.web.page.admin.resources.PageResource$11.onClick(PageResource.java:273)
>>> at
>>> org.apache.wicket.ajax.markup.html.AjaxLink$1.onEvent(AjaxLink.java:86)
>>> at
>>> org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:123)
>>> at
>>> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:626)
>>> at sun.reflect.GeneratedMethodAccessor507.invoke(Unknown Source)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:601)
>>> at
>>> org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258)
>>> at
>>> org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241)
>>> at
>>> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:247)
>>> at
>>> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:226)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:861)
>>> at
>>> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
>>> at
>>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
>>> at
>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>> at
>>> org.atmosphere.util.AtmosphereFilterChain.doFilter(AtmosphereFilterChain.java:155)
>>> at
>>> org.atmosphere.util.AtmosphereFilterChain.invokeFilterChain(AtmosphereFilterChain.java:132)
>>> at
>>> org.atmosphere.handler.ReflectorServletProcessor$FilterChainServletWrapper.service(ReflectorServletProcessor.java:314)
>>> at
>>> org.atmosphere.handler.ReflectorServletProcessor.onRequest(ReflectorServletProcessor.java:172)
>>> at
>>> org.atmosphere.cpr.AsynchronousProcessor.action(AsynchronousProcessor.java:259)
>>> at
>>> org.atmosphere.cpr.AsynchronousProcessor.suspended(AsynchronousProcessor.java:166)
>>> at
>>> org.atmosphere.container.BlockingIOCometSupport.service(BlockingIOCometSupport.java:101)
>>> at
>>> org.atmosphere.container.Tomcat7BIOSupportWithWebSocket.doService(Tomcat7BIOSupportWithWebSocket.java:65)
>>> at
>>> org.atmosphere.container.TomcatWebSocketUtil.doService(TomcatWebSocketUtil.java:87)
>>> at
>>> org.atmosphere.container.Tomcat7BIOSupportWithWebSocket.service(Tomcat7BIOSupportWithWebSocket.java:61)
>>> at
>>> org.atmosphere.cpr.AtmosphereFramework.doCometSupport(AtmosphereFramework.java:1441)
>>> at
>>> org.atmosphere.cpr.AtmosphereServlet.doPost(AtmosphereServlet.java:296)
>>> at
>>> org.atmosphere.cpr.AtmosphereServlet.doGet(AtmosphereServlet.java:282)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
>>> at
>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
>>> at
>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
>>> at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
>>> at
>>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
>>> at
>>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>> at
>>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>> at
>>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>> at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>> at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>> at
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>>> at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>> at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>> at
>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
>>> at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>> at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>>> at
>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
>>> at
>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>> at
>>> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852)
>>> at
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>>> at
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>>> at java.lang.Thread.run(Thread.java:722)
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
From lucie.bittnerova at ami.cz Fri Jan 17 15:44:58 2014
From: lucie.bittnerova at ami.cz (Lucie Rút Bittnerová)
Date: Fri, 17 Jan 2014 15:44:58 +0100
Subject: [midPoint] Midpoint features
Message-ID: <52D941EA.7060307@ami.cz>
Hello,
I have a question whether midpoint supports or will support these features:
1) Can a user request for some role? There is a child element
"requestable" in xml schema for element role but is it supported?
2) I need finer granularity for authorization. For example I need to
allow a user to read his attributes (but not to modify them) or to
modify selected attributes. Are there any plans to support this feature?
3) Is it possible to be allowed to add/remove roles of users but without
possibility to change user attributes?
4) Is there any support for time limited roles?
Thanks
Lucie
From radovan.semancik at evolveum.com Fri Jan 17 16:48:30 2014
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Fri, 17 Jan 2014 16:48:30 +0100
Subject: [midPoint] Midpoint features
In-Reply-To: <52D941EA.7060307@ami.cz>
References: <52D941EA.7060307@ami.cz>
Message-ID: <52D950CE.8090607@evolveum.com>
Hi Lucie,
On 01/17/2014 03:44 PM, Lucie Rút Bittnerová wrote:
> 1) Can a user request for some role? There is a child element
> "requestable" in xml schema for element role but is it supported?
User requests a role simply by assigning the role to himself. If no
approvals are configured then the role gets assigned immediately. If
there are approvals then the approvals are processed first and then the
role is either assigned or the operation is cancelled.
However there are two things to consider in midPoint 2.2:
* Authorization scheme of midPoint 2.2 is very rough. Simply speaking
you can only give user a privilege to assign all roles or no roles at
all (in fact the authorization is even broader).
* There is no special part of GUI that can be used for user to assign a
role just to himself.
Both of these should be greatly improved in 2.3. But if you want a
solution for midPoint 2.2 then the best strategy is to create a simple
end-user interface that will process role requests from the users. Such
interface can then use midPoint webservice to initiate role request in
midPoint. The custom end-user interface can also enforce any kind of
authorization mechanism. Creating such simple GUI should be very easy
for any reasonably experienced web developer. There is also a Java client
code with samples that can be used by your custom GUI code to simplify
the development of such interface in Java. Other platforms can use the
web service using their own tools (we have WSDL/XSD definition). E.g. we
have information that .NET web service clients work reasonably well.
There is actually very strong reason behind this: The end-user
interfaces usually take many forms in IDM deployments: Java portlet,
proprietary plugin into enterprise portal, custom portlet (e.g. in
liferay), integrated with "primary" access management system (such as
AD) and so on. Therefore we haven't invested much effort in midPoint's
end-user interface until midPoint users specifically request how the
end user interface should look like and what exactly it should do. We
have some requests already and these will be reflected in midPoint 2.3.
If you have any specifications or idea how the midPoint end user
interface should look like in the future we will be very grateful if you
can share them. This kind of feedback will help a lot to guide future
midPoint development.
The "requestable" property of roles is meant to allow GUI to list only
the roles that are normally requestable. This property is currently not
used by main midPoint code and it is there especially to support custom
end-user GUIs: the roles can be searched using midPoint web service and
therefore the custom GUI can display a list of relevant roles.
> 2) I need finer granularity for authorization. For example I need to
> allow a user to read his attributes (but not to modify them) or to
> modify selected attributes. Are there any plans to support this feature?
Yes, there are. This is part of our "delegated authorization" feature
and it will be supported in midPoint 2.3.
> 3) Is it possible to be allowed to add/remove roles of users but
> without possibility to change user attributes?
Not in midPoint 2.2. But this is planned for midPoint 2.3.
> 4) Is there any support for time limited roles?
There is limited support for something that we call "time constraints"
in mappings and also limited support for "validity intervals". MidPoint
2.2 officially supports that only for users, not for roles. However the
code that is processing the time-related properties is very generic and
it may either (unintentionally) work in 2.2 or may be very easy to fix in
2.3.
It looks like waiting for midPoint 2.3 is your best option here. It is
currently under development and the release is planned for late
spring/early summer. However the development code is in a pretty good
shape. If you are interested in these features and you have some time it
could help a lot if you could help us with specifications and testing.
What we want exactly:
1) Specify your use cases.
2) Communicate with developers while the features are being developed.
3) Test the features (in development version, before release).
4) Repeat steps 2 and 3
This approach will greatly improve the chances that the features that
you want will be part of the next release and that they will actually
work well for you.
As you are not the first one who asks for a new feature I have found a
time to write down the guide:
https://wiki.evolveum.com/display/midPoint/Feature+Request
--
Radovan Semancik
Software Architect
evolveum.com
From lucie.bittnerova at ami.cz Fri Jan 17 17:34:38 2014
From: lucie.bittnerova at ami.cz (Lucie Rút Bittnerová)
Date: Fri, 17 Jan 2014 17:34:38 +0100
Subject: [midPoint] Midpoint features
In-Reply-To: <52D950CE.8090607@evolveum.com>
References: <52D941EA.7060307@ami.cz> <52D950CE.8090607@evolveum.com>
Message-ID: <52D95B9E.8080104@ami.cz>
Hi,
Thank you for your answer. First I have to say that I am using
development version 2.3, some commit from November (my AD configuration
doesn't work with the last one), and I am looking forward to its
release. Version 2.2 misses many important features. It looks like
almost everything I asked about now will be resolved in version 2.3.
Lucie
On 17.1.2014 16:48, Radovan Semancik wrote:
> Hi Lucie,
>
> On 01/17/2014 03:44 PM, Lucie Rút Bittnerová wrote:
>> 1) Can a user request for some role? There is a child element
>> "requestable" in xml schema for element role but is it supported?
>
> User requests a role simply by assigning the role to himself. If no
> approvals are configured then the role gets assigned immediately. If
> there are approvals then the approvals are processed first and then the
> role is either assigned or the operation is cancelled.
>
> However there are two things to consider in midPoint 2.2:
> * Authorization scheme of midPoint 2.2 is very rough. Simply speaking
> you can only give user a privilege to assign all roles or no roles at
> all (in fact the authorization is even broader).
> * There is no special part of GUI that can be used for user to assign
> a role just to himself.
>
> Both of these should be greatly improved in 2.3. But if you want a
> solution for midPoint 2.2 then the best strategy is to create a simple
> end-user interface that will process role requests from the users.
> Such interface can then use midPoint webservice to initiate role
> request in midPoint. The custom end-user interface can also enforce
> any kind of authorization mechanism. Creating such simple GUI should
> be very easy for any reasonably experienced web developer. There is
> also a Java client code with samples that can be used by your custom
> GUI code to simplify the development of such interface in Java. Other
> platforms can use the web service using their own tools (we have
> WSDL/XSD definition). E.g. we have information that .NET web service
> clients work reasonably well.
>
> There is actually very strong reason behind this: The end-user
> interfaces usually take many forms in IDM deployments: Java portlet,
> proprietary plugin into enterprise portal, custom portlet (e.g. in
> liferay), integrated with "primary" access management system (such as
> AD) and so on. Therefore we haven't invested much effort in midPoint's
> end-user interface until midPoint users specifically request how the
> end user interface should look like and what exactly it should do. We
> have some requests already and these will be reflected in midPoint
> 2.3. If you have any specifications or idea how the midPoint end user
> interface should look like in the future we will be very grateful if
> you can share them. This kind of feedback will help a lot to guide
> future midPoint development.
>
> The "requestable" property of roles is meant to allow GUI to list only
> the roles that are normally requestable. This property is currently
> not used by main midPoint code and it is there especially to support
> custom end-user GUIs: the roles can be searched using midPoint web
> service and therefore the custom GUI can display a list of relevant
> roles.
>
>> 2) I need finer granularity for authorization. For example I need to
>> allow a user to read his attributes (but not to modify them) or to
>> modify selected attributes. Are there any plans to support this feature?
>
> Yes, there are. This is part of our "delegated authorization" feature
> and it will be supported in midPoint 2.3.
>
>> 3) Is it possible to be allowed to add/remove roles of users but
>> without possibility to change user attributes?
>
> Not in midPoint 2.2. But this is planned for midPoint 2.3.
>
>> 4) Is there any support for time limited roles?
>
> There is limited support for something that we call "time constraints"
> in mappings and also limited support for "validity intervals".
> MidPoint 2.2 officially supports that only for users, not for roles.
> However the code that is processing the time-related properties is
> very generic and it may either (unintentionally) work in 2.2 or may be
> very easy to fix in 2.3.
>
> It looks like waiting for midPoint 2.3 is your best option here. It is
> currently under development and the release is planned for late
> spring/early summer. However the development code is in a pretty good
> shape. If you are interested in these features and you have some time
> it could help a lot if you could help us with specifications and
> testing. What we want exactly:
>
> 1) Specify your use cases.
> 2) Communicate with developers while the features are being developed.
> 3) Test the features (in development version, before release).
> 4) Repeat steps 2 and 3
>
> This approach will greatly improve the chances that the features that
> you want will be part of the next release and that they will actually
> work well for you.
>
> As you are not the first one who asks for a new feature I have found a
> time to write down the guide:
> https://wiki.evolveum.com/display/midPoint/Feature+Request
>
From radovan.semancik at evolveum.com Fri Jan 31 11:38:58 2014
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Fri, 31 Jan 2014 11:38:58 +0100
Subject: [midPoint] midPoint release 2.2.1 (Crius update 1)
In-Reply-To: <50C734E5.9040003@evolveum.com>
References: <50C734E5.9040003@evolveum.com>
Message-ID: <52EB7D42.7030406@evolveum.com>
The Evolveum team is proud to announce the release of midPoint version 2.2.1
Release 2.2.1 is the tenth midPoint release. It is also the first
maintenance update for the 2.2.x version family code-named Crius. Crius
brings new features, better stability, robustness and performance. It
comes with production ready workflows, numerous activation enhancements,
it introduces authorizations for GUI and a lot of other features.
Among other things midPoint source code was migrated to Git and the license
was changed to a more open source friendly one - Apache License version
2.0. The Crius update 1 brings numerous stability improvements and
a couple of new minor features.
For more information about Crius please see release notes at
http://wiki.evolveum.com/display/midPoint/Release+2.2.1
About midPoint
MidPoint is a user provisioning system. It is a tool that synchronizes
several identity repositories, manages them and makes them available in
unified form. It belongs to the user provisioning category of the
enterprise identity management field. It handles user provisioning,
identity synchronization, identity process automation and provides
numerous features in the field of enterprise identity management. The
development process of midPoint is pragmatic and open, it focuses on
usability and solutions to the practical identity management challenges.
For more information please see http://midpoint.evolveum.com/
About Evolveum
Evolveum is a company committed to developing creative, open and - most
importantly - working software. We strive to continually improve the
software in a creative way. All software that we develop is open-source
using a completely open development process. The software is created with
one critical goal in mind: usability. The software must work, it must be
an efficient solution to an existing problem, the software must provide
value. Pragmatic engineering processes are our methods, working software
is our ultimate goal.
For more details please see http://evolveum.com/
regards,
Igor Farinic
Senior Software Engineer
Evolveum, s.r.o.
_______________________________________________
midPoint-dev mailing list
midPoint-dev at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint-dev