[midPoint] AD Connector

Pavol Mederly mederly at evolveum.com
Tue May 6 00:08:15 CEST 2014 

Hello, Sam,

first of all, I apologize for mismatches in documentation and wiki 
pages. Although I've promised on this list a few days ago that I'll 
upload current version of the connector/framework, I had no time to do 
that, until today.

So,

*(1)* You can download current version of .Net Connector Server 
(1.4.0.20) from links mentioned in the wiki page you've already visited 
(https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server)
Also, I've built the AD and Exchange connectors; you can download them 
(1.4.0.20140) from their pages in our wiki as well 
(https://wiki.evolveum.com/display/midPoint/Active+Directory+Connector, 
https://wiki.evolveum.com/display/midPoint/Exchange+Connector).

I would suggest you to use these packages instead of ForgeRock ones. As 
for the Connector Server, they should be more-or-less equal, but our 
Active Directory connector contains some quite important enhancements, 
dealing e.g. with the performance (see 
https://jira.evolveum.com/browse/MID-1485).

If you need the sources, they are here:

  * for Connector Server:
      o the common distribution (maintained together by Tirasa,
        ForgeRock and Evolveum): https://github.com/tirasa/ConnId
      o the Evolveum distribution: https://github.com/Evolveum/ConnId
        (In both repositories, take branch 1_4_X_Y.)

  * for Active Directory Connector:
      o https://github.com/Evolveum/openicf

*(2)* You're right concerning the changes you've done in the 
ConnectorHost configuration. Just for simplicity, I would suggest 
starting with <protectConnection> turned off. After establishing the 
connection you can of course add the SSL support.

*(3)* As for the ad-resource-simple.xml, it works for me without 
problems. The only thing I had to do is to configure 
icfc:configurationProperties.

Please try with the latest snapshot (java code and samples). I also send 
you my configuration in the attachment.

If the problem will still persist, please let me know.

Perhaps one question: have you succeed in discovering the connectors on 
your connector host? (See step Discover Connectors in 
https://wiki.evolveum.com/display/midPoint/Active+Directory+HOWTO)

Best regards,
Pavol

On 5. 5. 2014 15:26, Sam Verboven wrote:
> Dear,
> I've been looking at Midpoint as a candidate for an upcoming IDM 
> project. However, I'm having some difficulties connecting to AD.
> I started on Friday using the latest the latest snapshot. I'll first 
> describe the changes need to get to my current problem.
>
>     1) Following
>     https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server I
>     found out the offered version (1.4.0.14) of connid was not recent
>     enough. SerializeBinary.cs had a version mismatch: 1 was expected,
>     2 was offered. I could not find the sourcecode on the midpoint
>     sites, but I managed to find a newer version on the forgerock repo:
>
>         /svn checkout https://svn.forgerock.org/openicf/trunk//
>
>     Compiling the code gave me a compatible connector.
>
>
>     2) Following
>     https://wiki.evolveum.com/display/midPoint/Active+Directory#ActiveDirectory-ConnectorHostConfiguration
>     and https://wiki.evolveum.com/display/midPoint/ConnectorHostType I
>     got stranded again trying to add a ConnectorHost. After some trial
>     and error I found a working configuration by changing common-2a to
>     common-3, adding protecConnection and removing the clearValue tags:
>
>         /<?xml version="1.0" encoding="UTF-8" standalone="yes"?>/
>
>         /
>         /
>
>         /<object xsi:type="ConnectorHostType"/
>
>         /xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"/
>
>         /xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/
>
>         /oid="91919191-76e0-59e2-86d6-44cc44cc44cc >/
>
>         //
>
>         /    <name>ICF Connector server on rd.local:8759</name>/
>
>         /    <hostname> 192.168.102.107</hostname>/
>
>         /    <port>8759</port>/
>
>         /    <sharedSecret>My secret</sharedSecret>/
>
>         /<protectConnection>true</protectConnection>/
>
>         /</object>/
>
>     3) Currently I'm stuck trying to add the actual connector. I've
>     tried modifying the examples that are included in the snapshot:
>
>         /midpoint-2.3-SNAPSHOT\samples\resources\ad\ad-resource-simple.xml/
>
>
>     Using the default xml file configured for my setup, I get XML
>     problems:
>
>         /Validation error: cvc-complex-type.2.4.a: Invalid content was
>         found starting with element 'resource'. One of
>         '{"http://midpoint.evolveum.com/xml/ns/public/common/common-3":object}'
>         is expected./
>
>
>     If I replace the object tag by a resource tag, I get slightly further:
>
>         /[ SHOW ERROR STACK ] Collapse all Expand all Export to XML/
>
>         /ok - Schema validation/
>
>         /ok - Basic checks/
>
>         /ok - Resource namespace check/
>
>         /ok -
>         operation.com.evolveum.midpoint.model.controller.ModelController.searchObjects/
>
>         /ok - Execute changes (Model)/
>
>
>         *error - Connector reference missing in the resource
>         resource:91919191-76e0-59e2-86d6-44cc44cc44cc(Basic Active
>         Directory)*
>
>     Configuration:
>
>         /<resource
>         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"/
>
>         /           
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/
>
>         /             xmlns:xsd="http://www.w3.org/2001/XMLSchema"/
>
>         /           
>          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>
>         /           
>          xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"/
>
>         /           
>          xmlns:idfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"/
>
>         /             xmlns:my="http://myself.me/schemas/whatever"/
>
>         /           
>          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"/
>
>         / oid='91919191-76e0-59e2-86d6-44cc44cc44cc'>/
>
>         /
>         /
>
>         /                           <!-- Resource name. It will be
>         displayed in GUI.  -->/
>
>         /                           <name>Basic Active Directory</name>/
>
>         /...../
>
>
> I understand that the snapshots are not yet a finished product, but 
> any help would be greatly appreciated.
> I think it would be helpful for others to figure out the problem and 
> modify the wiki steps once the issue has been sorted out.
> Regards,
> Sam Verboven
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140506/bfe5cd10/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ad.xml
Type: text/xml
Size: 4776 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140506/bfe5cd10/attachment.xml>

More information about the midPoint mailing list